In this article we will talk about Types of Network Disasters, and in previous article we already discussed about Cybercrime.
It is critical to keep an organization functioning when a disaster occurs. A disaster includes any natural or human-caused event that damages assets or property and impairs the ability for the organization to continue operating.
Natural disasters differ depending on location. Some of these events are difficult to predict. Natural disasters fall into the following categories:
- Geological disasters include earthquakes, landslides, volcanoes, and tsunamis
- Meteorological disasters include hurricanes, tornadoes, snow storms, lightning, and hail
- Health disasters include widespread illnesses, quarantines, and pandemics
- Miscellaneous disasters include fires, floods, solar storms, and avalanches
Human-caused disasters involve people or organizations and fall into the following categories:
- Labor events include strikes, walkouts, and slowdowns
- Social-political events include vandalism, blockades, protests, sabotage, terrorism, and war
- Materials events include hazardous spills and fires
- Utilities disruptions include power failures, communication outages, fuel shortages, and radioactive fallout
An organization puts its disaster recovery plan (DRP) into action while the disaster is ongoing and employees are scrambling to ensure critical systems are online. The DRP includes the activities the organization takes to assess, salvage, repair, and restore damaged facilities or assets.
To create the DRP, answer the following questions:
- Who is responsible for this process?
- What does the individual need to perform the process?
- Where does the individual perform this process?
- What is the process?
- Why is the process critical?
A DRP needs to identify which processes in the organization are the most critical. During the recovery process, the organization restores its mission critical systems first.
Disaster recovery controls minimize the effects of a disaster to ensure that resources and business processes can resume operation.
There are three types of IT disaster recovery controls:
- Preventative measures include controls that prevent a disaster from occurring. These measures seek to identify risks.
- Detective measures include controls that discover unwanted events. These measures uncover new potential threats.
- Corrective measures include controls that restore the system after a disaster or an event.
Business continuity is one of the most important concepts in computer security. Even though companies do whatever they can to prevent disasters and loss of data, it is impossible to predict every possible scenario. It is important for companies to have plans in place that ensure business continuity regardless of what may occur. A business continuity plan is a broader plan than a DRP because it includes getting critical systems to another location while repair of the original facility is under way. Personnel continue to perform all business processes in an alternate manner until normal operations resume.
Availability ensures that the resources required to keep the organization going will continue to be available to the personnel and the systems that rely on them.
Business continuity controls are more than just backing up data and providing redundant hardware. Organizations need employees to properly configure and operate systems. Data can be useless until it provides information. An organization should look at the following:
- Getting the right people to the right places
- Documenting configurations
- Establishing alternate communications channels for both voice and data
- Providing power
- Identifying all dependencies for applications and processes so that they are properly understood
- Understanding how to carry out automated tasks manually